# Integrate PRTG with Active Directory

By default, PRTG uses its own internal user account database to authenticate users. For many PRTG customers, particularly those with smaller networks, this local authentication meets all their needs.

But for PRTG customers who have more complex environments and infrastructures or who want to reduce the number of authentication mechanisms in their networks, PRTG offers Active Directory (AD) integration as well.

This way, all members of the AD user groups that are mapped to user groups in PRTG during the integration can log in to PRTG with their AD domain credentials afterward.


## 1. Prepare your Active Directory for PRTG integration

![Active Directory users and computers](https://hlassets.paessler.com/common/files/screenshots/prtg-v17-4/how-to-guides/02_active-directory/new_ad-prepare.jpg)

In the AD, make sure that users who require the same [access rights](https://www.paessler.com/manuals/prtg/user_access_rights) for PRTG are in the same AD user group.

In our example, the AD user group *PRTG\_ADM* contains the two administrator user accounts that later have administrative rights in PRTG and that can also manage access rights and cluster setups and change the monitoring configuration of PRTG. The AD user group *PRTG\_RO* contains the four user accounts that later have only read access rights in PRTG.


## 2. Prepare your PRTG core server system

Make sure that the PRTG core server system is a member of the AD domain with which you want to integrate it. You can check and, if necessary, change this setting via the Windows **Control Panel**:

1. Navigate to **System**.
2. Go to section **Computer name, domain, and workgroup settings**.
3. Check the settings **Full computer name** and **Domain**.
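
A pre-flight check for steps 1 and 2, as an added example that is not part of the original guide or of PRTG itself. It assumes the ActiveDirectory PowerShell module (RSAT) is installed on the PRTG core server and uses the group names from this guide's example; the report column names are illustrative.

```powershell
# Added example: review domain membership and AD group members before
# mapping the groups to PRTG user groups. Run on the PRTG core server.
Import-Module ActiveDirectory

# Group names from this guide's example; replace them with your own.
$groups = [ordered]@{
    'PRTG_ADM' = 'administrative rights'
    'PRTG_RO'  = 'read access only'
}

# Step 2: the core server must be a member of the AD domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "$($cs.Name) is not domain-joined (workgroup: $($cs.Workgroup))."
}
Write-Host "Core server $($cs.DNSHostName) is a member of domain $($cs.Domain)"

# Step 1: list every user account the mapping would cover. -Recursive
# resolves nested groups, which are easy to miss in the AD console.
$report = foreach ($name in $groups.Keys) {
    Get-ADGroupMember -Identity $name -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName `
                    -Properties PasswordNeverExpires, LastLogonDate
            [pscustomobject]@{
                Group                = $name
                PrtgRights           = $groups[$name]
                User                 = $u.SamAccountName
                Enabled              = $u.Enabled
                PasswordNeverExpires = $u.PasswordNeverExpires
                LastLogonDate        = $u.LastLogonDate
            }
        }
}

$report | Sort-Object Group, User | Format-Table -AutoSize

# Disabled accounts that are still group members are cleanup candidates.
$stale = @($report | Where-Object { -not $_.Enabled })
if ($stale.Count -gt 0) {
    Write-Warning "Disabled accounts still in mapped groups: $($stale.User -join ', ')"
}
```

Review the *PRTG\_ADM* rows in particular, because that group is later given administrative rights in PRTG.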

## 3. Add Active Directory domain details to PRTG

![Active Directory domain details](https://hlassets.paessler.com/common/files/screenshots/prtg-v17-4/how-to-guides/02_active-directory/review082021/newer_ad-domain-details.jpg)

In the next step, you need to provide your local AD domain details in PRTG:

1. Open the PRTG web interface and select **Setup** | **System Administration** | **Core & Probes** from the main menu.
2. Go to section **Active Directory Integration** and enter your local AD domain name in the **Domain Name** field.
3. Choose your preferred **LDAP Connection Security**.
4. Under **Access Type**, select **Use explicit credentials** to define the Windows service account that PRTG uses to authenticate against the AD.  
    The service account must have the **Read permissions**, **Read all properties**, and **List contents** permissions for all your AD user groups.
5. Under **User Name**, enter the service account name that PRTG uses to access the AD.
6. Under **Password**, enter the respective password of the service account.
7. Click **Save**.

## 4. Add new user groups in PRTG

1. In the PRTG web interface, select **Setup** | **System Administration** | **User Groups** from the main menu.
2. Hover over ![plus sign icon](https://hlassets.paessler.com/common/files/screenshots/prtg-v17-4/how-to-guides/msp/step2-pluszeichenflietext.jpg) and select **Add User Group**.
3. Provide a meaningful **User Group Name**.
4. Under **Administrative Rights**, select **Give user group members administrative rights**.
5. Under **Active Directory or Single Sign-On Integration**, select **Use Active Directory integration**.
6. Under **Active Directory Group**, select the AD user group whose members later have access to PRTG. For our example, we chose the *PRTG\_ADM* user group.  
    For very large ADs, you see an input field instead of a dropdown list when you add or modify a user group. In this case, you can only enter the AD user group name. PRTG automatically adds the prefix.

Repeat these steps for the *PRTG\_RO* user group to create a second group of users that have only read access rights for PRTG. In this case, leave the default setting under **Administrative Rights**.

Now, members of the defined AD groups can log in to PRTG with the respective access rights.

![Add new user group](https://hlassets.paessler.com/common/files/screenshots/prtg-v17-4/how-to-guides/02_active-directory/review082021/newer_ad-new-user-group.jpg)

In the device tree, PRTG automatically creates new groups with the name *\[group\_name\] home* for each of the integrated AD user groups.

Do not forget to set [group access rights](https://www.paessler.com/manuals/prtg/user_access_rights#group_overview) that apply to device tree objects as well as to libraries, maps, and reports. You can do so in an object’s settings in section **Access Rights**.

The easiest way is to set group access rights in the settings of the root group.

![New ](https://hlassets.paessler.com/common/files/screenshots/prtg-v17-4/how-to-guides/02_active-directory/new_ad-home-group.jpg)